VYPR

Integrated Remote Access Controller Firmware

by Dell

CVEs (39)

  • CVE-2015-7273 | Critical | Apr 10, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE.

  • CVE-2015-7272 | Critical | Apr 10, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input.

  • CVE-2015-7271 | Critical | Apr 10, 2017
    risk 0.64 | cvss 9.8 | epss 0.03

    Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.

  • CVE-2015-7274 | High | Apr 10, 2017
    risk 0.57 | cvss 8.8 | epss 0.02

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.

  • CVE-2015-7270 | High | Apr 10, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal.

  • CVE-2015-7275 | Medium | Apr 10, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS.

  • CVE-2022-24422 | May 26, 2022
    risk 0.01 | cvss n/a | epss 0.54

    Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

  • CVE-2021-36301 | Nov 23, 2021
    risk 0.01 | cvss n/a | epss 0.28

    Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.

  • CVE-2026-26948 | Mar 18, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could…

  • CVE-2026-26945 | Mar 18, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged…

  • CVE-2025-22397 | Nov 6, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a…

  • CVE-2024-25943 | Jun 29, 2024
    risk 0.00 | cvss n/a | epss 0.01

    iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable…

  • CVE-2024-25951 | Mar 9, 2024
    risk 0.00 | cvss n/a | epss 0.01

    A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

  • CVE-2022-34436 | Jan 18, 2023
    risk 0.00 | cvss n/a | epss 0.00

    Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…

  • CVE-2022-34435 | Jan 18, 2023
    risk 0.00 | cvss n/a | epss 0.01

    Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…

  • CVE-2022-24423 | Apr 21, 2022
    risk 0.00 | cvss n/a | epss 0.02

    Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition.

  • CVE-2021-36348 | Jan 25, 2022
    risk 0.00 | cvss n/a | epss 0.01

    iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to…

  • CVE-2021-36347 | Jan 25, 2022
    risk 0.00 | cvss n/a | epss 0.02

    iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the…

  • CVE-2021-36346 | Jan 25, 2022
    risk 0.00 | cvss n/a | epss 0.04

    Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.

  • CVE-2021-36300 | Nov 23, 2021
    risk 0.00 | cvss n/a | epss 0.33

    iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.

Page 1 of 2